TykTechnologies / tyk / 7794
39%
master: %

LAST BUILD BRANCH: v2.9.4.8
DEFAULT BRANCH: master
Ran
Jobs 1
Files 0
Run time
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
7794

push

travis-ci

komalsukhani 
Add support of RSA in request signing and request check middleware (#2467)

Fixes #2452

 ### **Added new fields in below structure**

**Session**
1. _EnableHTTPSignatureValidation bool_
            This field should be used to enable signature validation for both `HMAC` and `RSA`.
**Note**: `HMACEnabled` field will still be supported for backward compatibility, but will be deprecated in future.

2. _RSACertificateId string_
            Public key certificate ID/path to be used for RSA signature validation.

**Policy**
_1. EnableHTTPSignatureValidation bool_

**Request Signing Middleware**
1. _CertificateId string_
      Public key certificate ID/path to be used for RSA signature generation.
2. _HeaderList []string_
      Optinal field. List of headers to be used for generating signature

You can now validate HTTP message signature signed using RSA private key.
You need to set `EnableHTTPSignatureValidation` to true and `RSACertificateId` to uploaded RSA Public key certificate or to the path of public key pem file.

Now user can sign requests using RSA key pair. They need to set `CertificateId` to uploaded RSA certificate ID or to the path of certificate file itself.

Earlier request signing middleware considered below headers while generating signature string
          ` All the headers of the request + (request-target) + date `

Now you can specify headers to be used by setting `HeaderList` field of request signing middleware.

**Cases**

- If an header is specified in HeaderList but is not set in the request, then that header is ignored.

- If non of the header from the HeaderList is set, then below headers are used for signing request

                     `(request-target) + date`

- If HeaderList is empty, then below headers are used for signing request

              ` All the headers of the request + (request-target) + date `
Jobs
ID Job ID Ran Files Coverage
2 7794.2 (LATEST_GO=true) 0
Travis Job 7794.2
Source Files on build 7794
Detailed source file information is not available for this build.